diff --git a/.gitignore b/.gitignore
index 4c74636..8b09f60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -106,3 +106,4 @@ sssd-1.2.91.tar.gz
 /sssd-2.8.1.tar.gz
 /sssd-2.8.2.tar.gz
 /sssd-2.9.0.tar.gz
+/sssd-2.9.1.tar.gz
diff --git a/0001-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch b/0001-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
new file mode 100644
index 0000000..c849fe7
--- /dev/null
+++ b/0001-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
@@ -0,0 +1,31 @@
+From 74d0f4538deb766592079b1abca0d949d6dea105 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov
+Date: Thu, 15 Jun 2023 12:05:03 +0200
+Subject: [PATCH 1/1] BUILD: Accept krb5 1.21 for building the PAC plugin
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Alejandro López
+Reviewed-by: Sumit Bose
+---
+ src/external/pac_responder.m4 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
+index 3cbe3c9cfba03b59e26a8c5c2d73446eead2acea..90727185b574411bddd928f8d87efdc87076eba4 100644
+--- a/src/external/pac_responder.m4
++++ b/src/external/pac_responder.m4
+@@ -22,7 +22,8 @@ then
+ Kerberos\ 5\ release\ 1.17* | \
+ Kerberos\ 5\ release\ 1.18* | \
+ Kerberos\ 5\ release\ 1.19* | \
+- Kerberos\ 5\ release\ 1.20*)
++ Kerberos\ 5\ release\ 1.20* | \
++ Kerberos\ 5\ release\ 1.21*)
+ krb5_version_ok=yes
+ AC_MSG_RESULT([yes])
+ ;;
+--
+2.41.0
+
diff --git a/0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch b/0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch
deleted file mode 100644
index d2c10a6..0000000
--- a/0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From eb43c2400a34a4ab77be4f75ba7536baecda3bef Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Alejandro=20L=C3=B3pez?=
-Date: Wed, 10 May 2023 17:29:07 +0200
-Subject: [PATCH 1/4] FILE WATCH: Callback not executed on link or relative
- path
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When the watched file was a symbolic link or was a relative path,
-the calback was not executed because the filename comparison
-was wrongly considering the files to be different.
-
-The solution is to normalize the filenames before comparing them.
-This cannot be easily done at setup because the file could not
-exist at that moment.
-
-The test was adapted to check this situation.
-
-Resolves: https://github.com/SSSD/sssd/issues/6718
-
-Reviewed-by: Alexey Tikhonov
-Reviewed-by: Pavel Březina
-(cherry picked from commit b2a4ff2aa67707c226c5835c1fcac042fce1cae3)
----
- src/tests/file_watch-tests.c | 87 +++++++++++++++++++++++++-----------
- src/util/file_watch.c | 26 +++++++++--
- 2 files changed, 85 insertions(+), 28 deletions(-)
-
-diff --git a/src/tests/file_watch-tests.c b/src/tests/file_watch-tests.c
-index 3ca5b44f9553e26bfefa5ee3449b374121c7fcca..3e1aea6cece863c6a762d6a98cc1885aeb395c5a 100644
---- a/src/tests/file_watch-tests.c
-+++ b/src/tests/file_watch-tests.c
-@@ -36,11 +36,19 @@
- #include "util/file_watch.h"
- #include "tests/common.h"
-
--#define FW_DIR TEST_DIR "/file-watch"
--#define WATCHED_FILE_INOTIFY FW_DIR "/watched_file_inotify"
--#define WATCHED_FILE_POLL FW_DIR "/watched_file_poll"
--#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/watched_file_inotify.exists"
--#define WATCHED_EXISTING_FILE_POLL FW_DIR "/watched_file_poll.exists"
-+#define FW_NAME "/file-watch-test-dir"
-+#define FILE_INOTIFY_NAME "watched_file_inotify"
-+#define FILE_POLL_NAME "watched_file_poll"
-+#define FW_DIR TEST_DIR FW_NAME
-+#define EXISTING_FILE_INOTIFY_NAME FILE_INOTIFY_NAME ".exists"
-+#define EXISTING_FILE_POLL_NAME FILE_POLL_NAME ".exists"
-+#define WATCHED_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" FILE_INOTIFY_NAME
-+#define WATCHED_FILE_POLL FW_DIR "/.." FW_NAME "/" FILE_POLL_NAME
-+#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" EXISTING_FILE_INOTIFY_NAME
-+#define WATCHED_EXISTING_FILE_POLL FW_DIR "/.." FW_NAME "/" EXISTING_FILE_POLL_NAME
-+#define WATCHED_EXISTING_LINK_INOTIFY FW_DIR "/" EXISTING_FILE_INOTIFY_NAME ".link"
-+#define WATCHED_EXISTING_LINK_POLL FW_DIR "/" EXISTING_FILE_POLL_NAME ".link"
-+#define UNWATCHED_FILE FW_DIR "/unwatched_file"
-
-
- static TALLOC_CTX *test_mem_ctx;
-@@ -50,34 +58,51 @@ struct fn_arg {
- int counter;
- };
-
-+static void remove_files(void)
-+{
-+ unlink(WATCHED_FILE_INOTIFY);
-+ unlink(WATCHED_FILE_POLL);
-+ unlink(WATCHED_EXISTING_LINK_INOTIFY);
-+ unlink(WATCHED_EXISTING_LINK_POLL);
-+ unlink(WATCHED_EXISTING_FILE_INOTIFY);
-+ unlink(WATCHED_EXISTING_FILE_POLL);
-+ unlink(UNWATCHED_FILE);
-+}
-+
- static void setup_file_watch(void)
- {
-+ DEBUG(SSSDBG_TRACE_ALL, "==========================================\n");
- test_mem_ctx = talloc_new(NULL);
- mkdir(FW_DIR, 0700);
-- unlink(WATCHED_FILE_INOTIFY);
-- unlink(WATCHED_FILE_POLL);
-- unlink(WATCHED_EXISTING_FILE_INOTIFY);
-- unlink(WATCHED_EXISTING_FILE_POLL);
-+ remove_files();
- }
-
--
- static void teardown_file_watch(void)
- {
-- unlink(WATCHED_FILE_INOTIFY);
-- unlink(WATCHED_FILE_POLL);
-- unlink(WATCHED_EXISTING_FILE_INOTIFY);
-- unlink(WATCHED_EXISTING_FILE_POLL);
- talloc_free(test_mem_ctx);
-+ remove_files();
-+ rmdir(FW_DIR);
- }
-
-
- static void callback(const char *filename, void *arg)
- {
-- DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n");
-+ static char received[PATH_MAX + 1];
-+ static char expected[PATH_MAX + 1];
-+ char *res;
- struct fn_arg *data = (struct fn_arg *) arg;
-
-+ DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n");
-+
- ck_assert_msg(data != NULL, "Callback received NULL argument");
-- ck_assert_msg(strcmp(filename, data->filename) == 0,
-+
-+ res = realpath(data->filename, expected);
-+ ck_assert_msg(res != NULL, "Failed to normalize the expected filename");
-+
-+ res = realpath(filename, received);
-+ ck_assert_msg(res != NULL, "Failed to normalize the received filename");
-+
-+ ck_assert_msg(strcmp(expected, received) == 0,
- "Wrong filename in the callback.");
- data->counter++;
- }
-@@ -88,7 +113,7 @@ static void modify_file(const char *filename)
- int fd;
- int res;
-
-- DEBUG(SSSDBG_TRACE_FUNC, "File modified\n");
-+ DEBUG(SSSDBG_TRACE_FUNC, "Modifying file %s\n", filename);
- fd = open(filename, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR);
- ck_assert_msg(fd != -1, "Failed to open the file.");
-
-@@ -119,11 +144,14 @@ static void test_file_watch_no_file(bool use_inotify)
- arg.filename = filename;
- arg.counter = 0;
-
-+ DEBUG(SSSDBG_TRACE_ALL, "Watching file %s\n", filename);
- ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg);
- ck_assert_msg(ctx != NULL, "Failed to watch a file.");
- ck_assert_msg(arg.counter == 0, "Unexpected callback invocation.");
-
-- // At this point the file doesn't exist, we will create it.
-+ // At this point the file doesn't exist. We create the watched and an
-+ // unwatched file
-+ modify_file(UNWATCHED_FILE);
- modify_file(filename);
- if (use_inotify) {
- res = tevent_loop_once(ev);
-@@ -152,26 +180,35 @@ static void test_file_watch_with_file(bool use_inotify)
- {
- struct file_watch_ctx *ctx;
- struct tevent_context *ev;
-+ const char *filepath;
- const char *filename;
-+ const char *linkpath;
- struct fn_arg arg;
- int res;
-
- if (use_inotify) {
-- filename = WATCHED_EXISTING_FILE_INOTIFY;
-+ filename = EXISTING_FILE_INOTIFY_NAME;
-+ filepath = WATCHED_EXISTING_FILE_INOTIFY;
-+ linkpath = WATCHED_EXISTING_LINK_INOTIFY;
- } else {
-- filename = WATCHED_EXISTING_FILE_POLL;
-+ filename = EXISTING_FILE_POLL_NAME;
-+ filepath = WATCHED_EXISTING_FILE_POLL;
-+ linkpath = WATCHED_EXISTING_LINK_POLL;
- }
-- modify_file(filename);
-+ modify_file(filepath);
-+ res = symlink(filename, linkpath);
-+ ck_assert_msg(res == 0, "Failed create the symbolic link");
-
- ev = tevent_context_init(test_mem_ctx);
- ck_assert_msg(ev != NULL, "Failed to create the tevent context.");
-
-- arg.filename = filename;
-+ arg.filename = linkpath;
- arg.counter = 0;
-
- // File already exists
-- ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg);
-- ck_assert_msg(ctx != NULL, "Failed to watch a file.");
-+ DEBUG(SSSDBG_TRACE_ALL, "Watching link %s\n", linkpath);
-+ ctx = fw_watch_file(test_mem_ctx, ev, linkpath, use_inotify, callback, &arg);
-+ ck_assert_msg(ctx != NULL, "Failed to watch a link.");
- ck_assert_msg(arg.counter >= 1, "Callback not invoked at start up.");
- ck_assert_msg(arg.counter <= 1, "Callback invoked too many times at start up.");
-
-@@ -179,7 +216,7 @@ static void test_file_watch_with_file(bool use_inotify)
- if (!use_inotify) {
- sleep(2); // Detection by polling is based on the file's modification time.
- }
-- modify_file(filename);
-+ modify_file(filepath);
- if (use_inotify) {
- res = tevent_loop_once(ev);
- ck_assert_msg(res == 0, "tevent_loop_once() failed.");
-diff --git a/src/util/file_watch.c b/src/util/file_watch.c
-index b994e41163a4955a2f68f3b12f6f99831d64ed2e..d19fdccd608a378f3351200a62708a02fb61a529 100644
---- a/src/util/file_watch.c
-+++ b/src/util/file_watch.c
-@@ -121,7 +121,10 @@ static int watched_file_inotify_cb(const char *filename,
- uint32_t flags,
- void *pvt)
- {
-+ static char received[PATH_MAX + 1];
-+ static char expected[PATH_MAX + 1];
- struct file_watch_ctx *fw_ctx;
-+ char *res;
-
- DEBUG(SSSDBG_TRACE_LIBS,
- "Received inotify notification for %s\n", filename);
-@@ -131,15 +134,32 @@ static int watched_file_inotify_cb(const char *filename,
- return EINVAL;
- }
-
-- if (strcmp(fw_ctx->filename, filename) == 0) {
-- if (access(fw_ctx->filename, F_OK) == 0) {
-- fw_ctx->cb(fw_ctx->filename, fw_ctx->cb_arg);
-+ res = realpath(fw_ctx->filename, expected);
-+ if (res == NULL) {
-+ DEBUG(SSSDBG_TRACE_LIBS,
-+ "Normalization failed for expected %s. Skipping the callback.\n",
-+ fw_ctx->filename);
-+ goto done;
-+ }
-+
-+ res = realpath(filename, received);
-+ if (res == NULL) {
-+ DEBUG(SSSDBG_TRACE_LIBS,
-+ "Normalization failed for received %s. Skipping the callback.\n",
-+ filename);
-+ goto done;
-+ }
-+
-+ if (strcmp(expected, received) == 0) {
-+ if (access(received, F_OK) == 0) {
-+ fw_ctx->cb(received, fw_ctx->cb_arg);
- } else {
- DEBUG(SSSDBG_TRACE_LIBS,
- "File %s is missing. Skipping the callback.\n", filename);
- }
- }
-
-+done:
- return EOK;
- }
-
---
-2.39.2
-
diff --git a/sources b/sources
index 230117e..0c9a511 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sssd-2.9.0.tar.gz) = cf65572cfa6468c4b3edc3a33a48ab6d58979917901662eb8b2d8fc5931494be81da13295246500a3a315b71d0395594c9a565014e5875f3cdde50da096f253d
+SHA512 (sssd-2.9.1.tar.gz) = eb7345dcfbbd51f005f67ee5032364d369d24589111ded60701e2dbe09563f0b862d343f231dd2e9d548acd8c560a036c8b88a0601f9aa048a7202da8202cd9b
diff --git a/sssd.spec b/sssd.spec
index 9bfe87e..65a3a01 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -42,15 +42,15 @@
 %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
 Name: sssd
-Version: 2.9.0
-Release: 2%{?dist}
+Version: 2.9.1
+Release: 1%{?dist}
 Summary: System Security Services Daemon
 License: GPL-3.0-or-later
 URL: https://github.com/SSSD/sssd/
-Source0: https://github.com/SSSD/sssd/releases/download/2.9.0/sssd-2.9.0.tar.gz
+Source0: https://github.com/SSSD/sssd/releases/download/2.9.1/sssd-2.9.1.tar.gz
 ### Patches ###
-Patch0001: 0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch
+Patch0001: 0001-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
 ### Dependencies ###
@@ -1059,6 +1059,9 @@ fi
 %systemd_postun_with_restart sssd.service
 %changelog
+* Mon Jun 26 2023 Pavel Březina - 2.9.1-1
+- Rebase to SSSD 2.9.1
+
 * Tue Jun 13 2023 Python Maint - 2.9.0-2
 - Rebuilt for Python 3.12
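Review bot: In `sssd.spec`, the rebased `Source0` tarball is pinned only by the SHA512 in `sources`; no signature or keyring `Source` entry is visible next to `Source0` in the first hunk, so the build itself does not appear to check the tarball against an upstream release key. If upstream publishes a detached signature for this release, consider shipping it and the keyring as extra `Source` entries and adding `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` at the top of `%prep`. `%prep` and the rest of the source list lie outside the hunk, so this is inferred from the visible lines only.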